Re: Use-after-free in TUNSETIFF
[Posted September 11, 2013 by jake]
From: Ben Hutchings <bhutchings-AT-solarflare.com>
To: Stephen Hemminger <stephen-AT-networkplumber.org>
Subject: Re: Use-after-free in TUNSETIFF
Date: Wed, 11 Sep 2013 15:44:07 +0100
Message-ID: <1378910647.1538.13.camel@bwh-desktop.uk.level5networks.com>
Cc: Wannes Rombouts <wannes.rombouts-AT-epitech.eu>, <davem-AT-davemloft.net>, <jasowang-AT-redhat.com>, <mst-AT-redhat.com>, <edumazet-AT-google.com>, <nhorman-AT-tuxdriver.com>, <netdev-AT-vger.kernel.org>, Kevin Soules <kevin.soules-AT-epitech.eu>
On Tue, 2013-09-10 at 17:32 -0700, Stephen Hemminger wrote:
[...]
> [1] A user with CAP_NET_ADMIN can basically hose the system many other ways.
> Capabilities are a failed security model.
> Almost all distros limit CAP_NET_ADMIN to root anyway.
tun uses ns_capable(), not capable(). If user namespaces are enabled
then I think any user can create their own user & net namespaces, be
'root' in those namespaces and then invoke TUNSETIFF successfully.
Ben.
--
Ben Hutchings, Staff Engineer, Solarflare
Not speaking for my employer; that's the marketing department's job.
They asked us to note that Solarflare product names are trademarked.
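
Added example, not part of the original message or of the kernel source: a small exposure check for the condition described above, namely whether an unprivileged user on this host can create user and network namespaces and end up holding CAP_NET_ADMIN inside them, which is what an ns_capable() check tests. The function names are hypothetical; the probe runs in a forked child, does not open /dev/net/tun, and is only meaningful when run as a non-root user.

```c
#define _GNU_SOURCE
#include <sched.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/wait.h>
#include <unistd.h>

/* 1 if the CapEff mask in a /proc/<pid>/status text has CAP_NET_ADMIN, 0 if not, -1 if absent. */
int capeff_has_net_admin(const char *status)
{
    const char *p = strstr(status, "CapEff:");
    if (!p)
        return -1;
    /* CAP_NET_ADMIN is capability number 12 in <linux/capability.h>. */
    return (int)((strtoull(p + 7, NULL, 16) >> 12) & 1);
}

/* 1 = caller gained CAP_NET_ADMIN in its own namespaces, 0 = refused or cap absent, -1 = probe error. */
int probe_userns_net_admin(void)
{
    pid_t pid = fork();
    if (pid < 0)
        return -1;
    if (pid == 0) {
        char buf[4096];
        if (unshare(CLONE_NEWUSER | CLONE_NEWNET) != 0)
            _exit(0);                 /* namespace creation is restricted on this host */
        FILE *f = fopen("/proc/self/status", "r");
        if (!f)
            _exit(2);
        size_t n = fread(buf, 1, sizeof(buf) - 1, f);
        buf[n] = '\0';
        fclose(f);
        _exit(capeff_has_net_admin(buf) == 1 ? 1 : 0);
    }
    int st;
    if (waitpid(pid, &st, 0) < 0 || !WIFEXITED(st) || WEXITSTATUS(st) > 1)
        return -1;
    return WEXITSTATUS(st);
}

int main(void)
{
    int r = probe_userns_net_admin();
    printf("unprivileged userns + CAP_NET_ADMIN: %s\n",
           r == 1 ? "available" : r == 0 ? "not available" : "probe failed");
    return 0;
}
```

A result of "available" for an ordinary user means CAP_NET_ADMIN-gated code paths that use ns_capable() are reachable without host root on that system.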